# HG changeset patch
# User Marco Cirillo <maranda@lightwitch.org>
# Date 1348018258 0
# Node ID 21e99dc949eec2c95c9fe38c59f58949fea3b98a
# Parent  30d49c26d21987f3823fd54e31f35401369208ef
mod_host_guard: close down streams from and to filtered entities, on initialization / configuration reload.

diff -r 30d49c26d219 -r 21e99dc949ee mod_host_guard/mod_host_guard.lua
--- a/mod_host_guard/mod_host_guard.lua	Tue Sep 18 21:05:41 2012 +0200
+++ b/mod_host_guard/mod_host_guard.lua	Wed Sep 19 01:30:58 2012 +0000
@@ -3,6 +3,9 @@
 
 module:set_global()
 
+local hosts = hosts
+local incoming_s2s = prosody.incoming_s2s
+
 local guard_blockall = module:get_option_set("host_guard_blockall", {})
 local guard_ball_wl = module:get_option_set("host_guard_blockall_exceptions", {})
 local guard_protect = module:get_option_set("host_guard_selective", {})
@@ -10,6 +13,7 @@
 
 local config = configmanager
 local error_reply = require "util.stanza".error_reply
+local tostring = tostring
 
 local function s2s_hook (event)
 	local origin, stanza = event.session or event.origin, event.stanza or false
@@ -66,13 +70,33 @@
 	end
 end
 
+local function close_filtered()
+	for _, host in pairs(hosts) do
+		for name, session in pairs(host.s2sout) do
+			if guard_blockall:contains(session.host) and not guard_ball_wl:contains(session.to_host) or
+			   guard_block_bl:contains(session.to_host) and guard_protect:contains(session.host) then
+				module:log("info", "closing down s2s outgoing stream to filtered entity %s", tostring(session.to_host))
+				session:close()
+			end
+		end
+	end
+	for session in pairs(incoming_s2s) do
+		if session.to_host and session.from_host and
+		   (guard_blockall:contains(session.to_host) and not guard_ball_wl:contains(session.from_host) or
+		   guard_block_bl:contains(session.from_host) and guard_protect:contains(session.to_host)) then
+			module:log("info", "closing down s2s incoming stream from filtered entity %s", tostring(session.from_host))
+			session:close()
+		end
+	end
+end
+
 local function init_hosts(u, i)
 	for n in pairs(hosts) do
 		if guard_blockall:contains(n) or guard_protect:contains(n) then
-			handle_deactivation(n, u, i)
-			handle_activation(n, u) 
+			handle_deactivation(n, u, i) ; handle_activation(n, u)
 		end
 	end
+	close_filtered()
 end
 
 local function reload()